Chatend is committed to maintaining customer privacy and takes its security seriously. To that end, there is a Bug Bounty Program to encourage responsible disclosure of any security vulnerabilities.

If you are a security researcher and believe you have found a vulnerability, please submit the following form.

Here are some ideas on where to start:

  • Most endpoints are protected by a JWT token. Can you find a way to bypass this?
  • Can you enumerate all the endpoints in the /api path?
  • There is a separate Web server that runs user code in an isolated environment. Can you find its IP address?
  • There is a flag.txt file in that server's home directory. Can you read the file and include its contents in the form? This will immediately win a cash prize.